ASM detected possible Detection Evasion and HTTP Command injection in traffic

Question

detected possible Detection Evasion and HTTP Command injection in traffic sourcing from hosts destined for F5 VIPs via port http 80. no indication of activity being blocked/denied. &nbsp;
Is this a Application Security, hotfix issue or http security profile configuration?&nbsp;

chris_grant · Answer

Those are part of your ASM security policy.  Whether or not it was blocked would be based on your settings.  You can read more about attack signatures and evasion settings here:&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-13-0-0/26.html&nbsp;
or here:&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/f5-asm-operations-guide.pdf&nbsp;
Basically ASM is reporting that someone tried to attack your web infrastructure and tried to do it in such a way that they would slip past a web application firewall.  Normally this is done by encoding a string multiple times.&nbsp;

Forum Discussion

ASM detected possible Detection Evasion and HTTP Command injection in traffic

1 Reply

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

F5 Distributed Cloud JA4 detection for enhanced performance and detection

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

Bidirectional Forwarding Detection (BFD) Protocol Cheat Sheet

JA4 Part 2: Detecting and Mitigating Based on Dynamic JA4 Reputation

Operationlizing Online Fraud Detection, Prevention, and Response

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS